cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4763
Views
10
Helpful
7
Replies

ISE BYOD ANDROID ACL FOR GOOGLE PLAY

Simon Parlsjo
Level 1
Level 1

Hi,

 

Is there anyone out there who has an ACL (DNS and IP) that works for google play access during the BYOD flow for Android.

I am located in Europe and there doesn’t seem to be any example that works.

1 Accepted Solution

Accepted Solutions

So what happens when you try to run through the BYOD flow?

Thank you for rating helpful posts!

View solution in original post

7 Replies 7

nspasov
Cisco Employee
Cisco Employee

Hello Simon-

What does your ACL look like?

There are a couple of easy ways you can do this:

1. If you are running version 7.6 and later then you can use DNS based ACL entries. That way a single entry can permit the google play store

2. If #1 is not an option then you can make the provisioning ACL for google play less restrictive. For instance, my regular provisioning ACL is pretty locked down, but the one for Android blocks all of my internal networks (except ISE servers and DNS) and then permits all Internet access. 

I hope this helps!

Thank you for rating helpful posts!

HI,

I have tried with a lot of diffrent URLs and IP ranges. Currently i'm trying with the following: 

DNS

  • Android.clients.google.*.*
  • Www.googleapis.*.*
  • Play.google.*.*
  • Ggpht.com.*.*
  • Android.pool.ntp.*.*
  • Market.android.*.*
  • Mtalk.google.*.*
  • *.android.clients.google.*.*
  • *.*.android.clients.google.*.*
  • *.gstatic.*.* (for bypassing internet check on Android - Disables mini-browser pop-up)

IP

  • 74.125.0.0/16
  • 173.194.0.0/16
  • 173.227.0.0/16
  • 206.111.0.0/16
  • 203.42.0.x/16
  • 8.35.0.0/16

So what happens when you try to run through the BYOD flow?

Thank you for rating helpful posts!

Hi

 

I accentliy marked this as answered. Is there a way to undo this?

 

With the ACL above I am not even able to access google play.

 

I also tried with the following and then I can go all the way to download. But when I tap the link to start the download it is stuck in Downloading state.

 

play.google.com

google.co

store.google.com

.googleapis.com

gstaic.com

accounts.youtube.com

dns.cisco.com

.appspot.com

ggpht.com

market.android.com

android.pool.ntp.org

google-analytics.com

.googleusercontext.com

Hi Simon, I have the same issue we also tried to monitor the traffic in our firewall and put those IP addresses in the ACL or even put different DNS-based entries in the ACL.

Do you have now the fix for this? Thanks

Having the same issue as you SImon, it seems to be stuck at the downloading state and not progressing further. Did you happen to find a solution for this?

jan.nielsen
Level 7
Level 7

Also, be aware that not all AP's support DNS ACL's, and that before 8.2 it's my experience that DNS ACL's were a bit buggy. You might wan't to make sure DNS Snooping is actually being activated in the AP, and the WLC is recieving host/ip records from the AP's when you are doing the DNS lookup from your clients.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: